CVE 7.3 HIGH

O+ Connect’s lack of authentication for IPC channels led to a local privilege escalation vulnerability._CVE-2026-22078

7.3 / 10
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Description

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.

Basic Information

ID CVE-2026-22078
Source OPPO
Published Jun 29, 2026 at 08:05

Affected Product

Vendor OPPO
Product O+ Connect
Version 16.0.33
Affected Versions OPPO O+ Connect 16.0.33

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.